{
"status": "Failed",
"error": {
"code": "InvalidContentLink",
"message": "Unable to download deployment content from 'https://raw.githubusercontent.com/Azure/SimuLand/main/2_deploy/aadHybridIdentityADFS/linkedtemplates/IdentityWorkbookARM.json'. The tracking Id is '387c21cf-d5e9-49ab-b1a6-f8dbdb487447'. Please see https://aka.ms/arm-deploy for usage details."
}
}

Your issue content here.

Please provide some guidance about the sequential order for the preparation steps. This will help to simplify the deployment by ensuring that dependencies are addressed.

Howdy folks,

I'm trying to deploy in Azure this template and I'm getting this error message:

Any guidance would be welcomed.

Many thanks!

{"code": "MultipleErrorsOccurred", "message": "Multiple error occurred: BadRequest,BadRequest. Please see details."}

Inner Errors:
{"code": "InvalidTemplate", "target": "/subscriptions/fXXXXXXXXXXXX/resourceGroups/rsg-adfslab/providers/Microsoft.Resources/deployments/CreateADForest", "message": "Deployment template validation failed: 'The value for the template parameter 'domainNetbiosName' at line '14' and column '30' is not provided. Please see https://aka.ms/arm-create-parameter-file for usage details.'.", "additionalInfo": [{"type": "TemplateViolation", "info": {"lineNumber": 14, "linePosition": 30, "path": "parameters.domainNetbiosName"}}]}

Inner Errors:
{"code": "InvalidTemplate", "target": "/subscriptions/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/resourceGroups/rsg-adfslab/providers/Microsoft.Resources/deployments/JoinADFSServer", "message": "Deployment template validation failed: 'The value for the template parameter 'domainNetbiosName' at line '17' and column '30' is not provided. Please see https://aka.ms/arm-create-parameter-file for usage details.'.", "additionalInfo": [{"type": "TemplateViolation", "info": {"lineNumber": 17, "linePosition": 30, "path": "parameters.domainNetbiosName"}}]}

Hello, I am getting the below errors when deploying the lab.
Any insights or workaround on how I can go about the deployment in CLI.

"VM has reported a failure when processing extension 'SetUpADFS'. Error message: "Failed to download all specified files. Exiting. Error Message: invalid uri https://STORAGE ACCOUNT.blob.core.windows.net/pfx_blob/ADFS.PFX?[REDACTED]"

See below the JSON output from the deployment status.

{
"id": "/subscriptions/10f7ae7a-8e1f-4243-a7c8-a9cad049be4e/resourceGroups/azhybrid/providers/Microsoft.Resources/deployments/deployWinADFS/operations/84336BFFBEA14038",
"operationId": "84336BFFBEA14038",
"properties": {
"duration": "PT1M50.7129958S",
"provisioningOperation": "Create",
"provisioningState": "Failed",
"request": null,
"response": null,
"serviceRequestId": null,
"statusCode": "Conflict",
"statusMessage": {
"error": {
"additionalInfo": null,
"code": "VMExtensionProvisioningError",
"details": null,
"message": "VM has reported a failure when processing extension 'SetUpADFS'. Error message: "Failed to download all specified files. Exiting. Error Message: invalid uri https://STORAGE ACCOUNT.blob.core.windows.net/pfx_blob/ADFS.PFX?[REDACTED]\r\n"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionCSEWindowsTroubleshoot ",
"target": null
},
"status": "Failed"

	 "resourceGroup": "azhybrid"

},
{
"id": "/subscriptions/10f7ae7a-8e1f-4243-a7c8-a9cad049be4e/resourceGroups/azhybrid/providers/Microsoft.Resources/deployments/deployWinADFS/operations/FBD2AF13D8CFDC7A",
"operationId": "FBD2AF13D8CFDC7A",
"properties": {
"duration": "PT1M56.9860345S",
"provisioningOperation": "Create",
"provisioningState": "Failed",
"request": null,
"response": null,
"serviceRequestId": null,
"statusCode": "Conflict",
"statusMessage": {
"error": {
"additionalInfo": null,
"code": "VMExtensionProvisioningError",
"details": null,
"message": "VM has reported a failure when processing extension 'SetUpDC'. Error message: "Failed to download all specified files. Exiting. Error Message: invalid uri https://STORAGE ACCOUNT.blob.core.windows.net/pfx_blob/ADFS.PFX?[REDACTED]\r\n"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionCSEWindowsTroubleshoot ",
"target": null
},
"status": "Failed"
},
"targetResource": {
"id": "/subscriptions/10f7ae7a-8e1f-4243-a7c8-a9cad049be4e/resourceGroups/azhybrid/providers/Microsoft.Compute/virtualMachines/DC01/extensions/SetUpDC",
"resourceGroup": "azhybrid",

A New Version of the Windows Security Events Connector?

According to Microsoft docs, the new Windows Security Events connector lets you stream security events from any Windows server (physical or virtual, on-premises or in any cloud) connected to your Azure Sentinel workspace. There are now two versions of this connector:

• Security events (legacy version): Based on the Log Analytics Agent (Usually known as the Microsoft Monitoring Agent (MMA) or Operations Management Suite (OMS) agent).
• Windows Security Events (new version): Based on the new Azure Monitor Agent (AMA).

Other Windows Event Providers

We also need to use DCRs to handle the collection of events from other Windows event providers besides Microsoft-Windows-Security-Auditing

References:

• https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/testing-the-new-version-of-the-windows-security-events-connector/ba-p/2483369
• https://github.com/OTRF/Blacksmith/blob/master/templates/azure/Data-Collection-Rules/azuredeploy.json
• https://docs.microsoft.com/en-us/azure/azure-monitor/agents/data-collection-rule-azure-monitor-agent
• https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-overview

When trying to set up Azure AD Connect on the domain controller for this deployment: https://github.com/Azure/SimuLand/tree/main/2_deploy/aadHybridIdentityADFS, I got a message saying that TLS 1.2 needed to be enabled on the server.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-tls-enforcement

The command listed at the bottom of the "Elevate Account Access" section didn't work for me (I received an "argument --assignee-object-id: expected one argument" error). I think this is because the "az ad signed-in-user" command didn't return an "objectId", just an "Id". [I'm using azure CLI version 2.39.0]

I guess that replacing the following:

az role assignment create --scope '/' --role 'Owner' --assignee-object-id $(az ad signed-in-user show --query objectId) --assignee-principal-type User

with:

az role assignment create --scope '/' --role 'Owner' --assignee-object-id $(az ad signed-in-user show --query Id) --assignee-principal-type User

is the correct fix, but it would be good for someone more familiar with the lab to confirm.

Greetings,

Running into an issue when attempting to run the powershell command to enable Audit Log Search in O365:

Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true

Error message is:
The command you tried to run isn't currently allowed in your organization. To run this command, you first need to run
the command: Enable-OrganizationCustomization.
+ CategoryInfo : NotSpecified: (AdminAuditLogConfig:String) [Set-AdminAuditLogConfig], InvalidOperatio...
ontextException
+ FullyQualifiedErrorId : [Server=CY4PR16MB1782,RequestId=eaf15b8e-3f95-4ddf-b33f-740a5ea2a87c,TimeStamp=8/15/2021
2:16:58 AM] [FailureCategory=Cmdlet-InvalidOperationInDehydratedContextException] 5B0EC96F,Microsoft.Exchange.Man
agement.SystemConfigurationTasks.SetAdminAuditLogConfig
+ PSComputerName : outlook.office365.com

Ran the suggested Enable-OrganizationCustomization command and it reported the command was not needed because customization already turned on.

Attempted to turn on Auditing in the O365 SCC GUI but receive an error there as well:
Sorry! We couldn't update your organization settings. Please try again.

I do see the following note in the Prereqs for this section:
You must be assigned the Audit Logs role in Exchange Online to turn audit log search on or off in your Microsoft 365 organization. By default, this role is assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center. Global admins in Microsoft 365 are members of the Organization Management role group in Exchange Online.

Looking in Exchange Admin Center, the single global admin account that I created when setting up the environment is in the TenantAdmins role group, and that group is assigned the Organization Management role. I did attempt to add the Admin account directly to see if that would have any impact but still the same issue for me.

Any guidance would be appreciated!

When attempting to deploy simuland, and completing all the required fields, we keep on getting "Template Validation Error". This seems to be an error from the downstream Win10-AD-ADFS template. Our desired configuration is to use AzureBastion. We selected AzureBastionHost and left the "Allowed IP Addresses" blank. Can't seem to figure out how to fix this in our deployment. Thanks.

Getting permissions problems when trying to deploy the AD FS

Keep getting the error ''You don’t have authorization to perform action 'Microsoft.Resources/deployments/validate/action'.''
Tried with both global administrator and root account. Tried to toggle to yes in the AD properties Access management for Azure resources .
Has anyone encounter that problem before?

Overview

The installation of ADFS and DC's VM extension is failing. I've been trying to debug where exactly this is failing. I'm getting a 403 Forbidden, Failed to download all specified files. Exiting. Error Message: The remote server returned an error: (403) Forbidden. Is there something that can be looked into further on the 403 Forbidden error?

Verbose error JSON:

{
    "status": "Failed",
    "error": {
        "code": "VMExtensionProvisioningError",
        "message": "VM has reported a failure when processing extension 'SetUpADFS'. Error message: \"Failed to download all specified files. Exiting. Error Message: The remote server returned an error: (403) Forbidden.\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionCSEWindowsTroubleshoot "
    }
}

Images

Image showing provisioning failed

Image showing status message

Expected Result

The VM extensions return OK / Success for the DC and ADFS.

I've gotten this specific deployment to work at least once (was able to validate endpoints registered in MDE, and workstation and ADFS were domain joined, and validated ADFS was working by signing in from the workstation with the ADFS user account, and Sentinel was connected.) I was not seeing MDI agents deployed, so restarted. But I have gotten this error at least 3 separate times where the deployment fails on ADFS01/SetUpADFS and DC01/SetUpDC. Any thoughts on troubleshooting or what I need to change? it's erroring on vm extensions for both. I see resources created -- but ADFS service is not running.

{
"status": "Failed",
"error": {
"code": "VMExtensionProvisioningError",
"message": "VM has reported a failure when processing extension 'SetUpADFS'. Error message: "Failed to download all specified files. Exiting. Error Message: The remote server returned an error: (404) Not Found."\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionCSEWindowsTroubleshoot "
}
}

{
"status": "Failed",
"error": {
"code": "VMExtensionProvisioningError",
"message": "VM has reported a failure when processing extension 'SetUpDC'. Error message: "Failed to download all specified files. Exiting. Error Message: The remote server returned an error: (404) Not Found."\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionCSEWindowsTroubleshoot "
}
}

Getting certificate thumbprint error in Install-ADFS

Scenario :
Been trying to deploy this environment for weeks! We are trying to deploy the environment in our current Azure environment that already has a domain and AD within.
We tried first to deploy using that domain name as the FQDM but we would not able to AD connect in the DC because the federation existed already.
We then tried to redeploy using a subdomain as our FQDN (ex: simuland.example.com ) changed the ps1 template for the AD to match : (as previously mentioned in another issue. )

$DomainName1,$DomainName2,$DomainName3 = ($using:domainFQDN).split('.')
$ParentPath = "DC=$DomainName1,DC=$DomainName2,DC=$DomainName3 "

Everything deploys correctly up to Install-ADFS and this certificate thumbprint error. I am wondering if we have a wildcard certificate for our domain name ( *.example.com ) if that is enough or do we need an extra wildcard certificate for the subdomain as well ( *.simuland.example.com ) to satisfy the requirements of the newly create federation which will be adfs.simuland.example.com ? Trying to be as clear as possible here.
Running a little short on solutions here and would really appreciate to get this environment going for our team!
Thanks in advance.

Hi,

I am getting a conflict error on the deployment script and work what the issue is, just wondering if theres something obvious I am missing:

I have uploaded the full error txt.

Should the CreateADForest Resource exist in both deployWinADFS and CreateADForest like this?

Error.txt

[Orginal document]
4. On the same elevated PowerShell session, run the following commands to install AADInternals if it is not installed yet:

Install-Module –Name AADInternals –RequiredVersion 0.4.8 -Force 
Import-Module –Name AADInternals 

I got errors when I run it but to get over the error by running the above scripts, I can use these instead

Install-Module -Name AADInternals -RequiredVersion 0.4.8
Import-Module AADInternals

This Article Add Credentials to Application
as s broken link to Credentials were added to an Azure AD application after 'Admin Consent' permissions granted [Solorigate]

In step 5 it stated to go to the "Office 365 security & compliance" when it should say "Microsoft 365 compliance center"

In grantDelegatedPermissionsToApplication.md, the last step before the detections is a POST for the permissions grant against the service principals. As I work through this, I get a 409 conflict which upon additional research seems to indicate that the permissions already exist. It isn't clear to me that because we have done the permissions for mail.read in an earlier step if that is why it is throwing this message or what or if this needs to be a patch instead. Can that be clarified a bit? BTW, this is fantastic work.

Hello, there seems to be an error for the link mentionned below in my picture.
I did go to the github repository and it seems like it has been changed 3 days ago.
The new links are : (Directory changed from ASimRegistery to ASimRegisteryEvent)

https://github.com/Azure/Azure-Sentinel/blob/master/Parsers/ASimRegistry**Event**/ARM/vimRegistryEventMicrosoftWindowsEvent/vimRegistryEventMicrosoftWindowsEvent.json

and

https://github.com/Azure/Azure-Sentinel/blob/master/Parsers/ASimRegistry**Event**/ARM/vimRegistryEventMicrosoftSysmon/vimRegistryEventMicrosoftSysmon.json

Is it possible to update the deployment json file to point to the correct link?

Dependency error

az : ERROR: {"code": "MultipleErrorsOccurred", "message": "Multiple error occurred: BadRequest,BadRequest. Please see details."}
At line:1 char:1

• az deployment tenant create `

•   + CategoryInfo          : NotSpecified: (ERROR: {"code":... see details."}:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
  
  

Inner Errors:
{"code": "InvalidContentLink", "message": "Unable to download deployment content from
'https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Parsers/ASimFileEvent/ARM/vimFileEventMicrosoftSysmonCreated/vimFileEventMicrosoftSysmonCreated.json'. The
tracking Id is '45248d57-7b06-44c0-8586-6782a58ae30b'. Please see https://aka.ms/arm-deploy-resources for usage details."}
Inner Errors:
{"code": "InvalidContentLink", "message": "Unable to download deployment content from
'https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Parsers/ASimFileEvent/ARM/vimFileEventMicrosoftSysmonDeleted/vimFileEventMicrosoftSysmonDeleted.json'. The
tracking Id is '45248d57-7b06-44c0-8586-6782a58ae30b'. Please see https://aka.ms/arm-deploy-resources for usage details."}

Hi!

Getting this error while trying to deploy the template, azureSentinel2Go succeeds and all else seems to build normally. Wondering if you had encountered it before and what I may be missing, google is not cooperating too much on this one!

AADConnector-7bolxxjg3amwg
microsoft.aadiam/diagnosticSettings
NotFound
Operation details


{
    "status": "Failed",
    "error": {
        "code": "OperationNotFound",
        "message": "Path: '/subscriptions/.../resourcegroups/azhybrid/providers/microsoft.aadiam/diagnosticSettings/AADConnector-7bolxxjg3amwg' is not supported"
    }
}

Hello - on part two - deployment steps - I'm getting a conflict error on enabling data connectors. Any insights or how to fix this would be greatly appreciated. My connector for Office ATP and Microsoft Threat Protection states not support api version. This is in my commercial test tenant.

Conflict

{
"status": "Failed",
"error": {
"code": "DeploymentFailed",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
"details": [
{
"code": "BadRequest",
"message": "{\r\n "error": {\r\n "code": "BadRequest",\r\n "message": "Connector kind 'MicrosoftThreatProtection' is not supported in api-version: '2020-01-01'"\r\n }\r\n}"
},
{
"code": "BadRequest",
"message": "{\r\n "error": {\r\n "code": "BadRequest",\r\n "message": "Connector kind 'OfficeATP' is not supported in api-version: '2020-01-01'"\r\n }\r\n}"
},
{
"code": "Unauthorized",
"message": "{\r\n "error": {\r\n "code": "InvalidLicense",\r\n "message": "Missing consent"\r\n }\r\n}"
}
]
}
}

Hi,

I was wondering whether there is any optimum way to deploy this solution? Right now my predicted costs on this subscription seem to be sky rocketing.

Cheers

Testing environment in a new environment with M365 E5 licenses enabled. I believe I might be missing either a license to enable the Azure Sentinel data connector or maybe just a few settings in MDE to enable the connection with the SIEM